This article explains the Active User Filtering feature and how to enable it with Microsoft Entra ID.
Prerequisites
- Only partner administrators can configure the integration.
- You must have access to Dark Web ID and Azure accounts.
Active User Filtering feature
Dark Web ID monitors all email addresses within an organization’s domain, even email accounts that are no longer active. This can result in unnecessary notifications being created.
The Active User Filtering feature enables you to specify the email addresses you want Dark Web ID to monitor. As a result, notifications and tickets are created in your integrated systems only for these email addresses. Clean bill of health emails and the daily and monthly summary alert emails likewise include information only for the email addresses to which Active User Filtering applies.
The Active User Filtering feature is enabled at the organization level by adding a directory to an organization. The directory types that can be added are:
- CSV: You can create a CSV file to upload multiple email addresses at once in Dark Web ID. For more information, see the article Enabling the Active User Filtering feature.
- Microsoft Entra ID: The Microsoft Entra ID directory type creates an integration between Dark Web ID and Microsoft Entra ID. This allows you to select a group from Microsoft Entra ID containing the desired email addresses. The rest of this article focuses on adding the Microsoft Entra ID directory type to an organization.
Adding the Microsoft Entra ID directory type
To add the Microsoft Entra ID directory type:
1. Log in to the Azure portal.
2. In the upper-left corner, click the menu icon.
3. Select Microsoft Entra ID.
4. Expand the Manage item and select App registrations.
5. In the top menu bar, click + New registration.
6. On the Register an application page, enter an application name. In the Supported account types section, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
7. At the bottom of the page, click the Register button.
   An Application (client) ID and a Directory (tenant) ID are displayed. These IDs are needed to authenticate in Dark Web ID.
8. In the navigation menu, select Manage > API permissions.
9. Click Add a permission.
10. Click Microsoft Graph.
11. Click Application permissions.
12. In the Select permissions search box, enter Group. Click the Group dropdown and select the Group.Read.All check box.
13. Scroll down to User, click the dropdown and select User.Read.All. Click Add permissions.
14. On the API Permissions page, click Grant admin consent for Default Directory.
15. In the confirmation modal, click Yes. The Status column in the Configured permissions table indicates the permissions have been granted.
16. In the navigation menu, click Certificates & secrets.
17. Click + New client secret. This secret is needed to authenticate with Dark Web ID.
18. In the Add a client secret pane, providing a Description is optional. In the Expires list, select when the secret should expire. Click the Add button.
    Note: When the client secret expires, you will be required to create a new one.
19. Copy the Value field from the client secret you just created. You will need this value in the next procedure.
    Note: Make sure you copy the Value field, not the Secret ID number.
    Important: The client secret is only visible temporarily and should be safely recorded or used, as it will not be retrievable later.
    Note: To delete a client secret, click the delete icon at the end of the row. To create a new client secret, perform steps 17 through 19.
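The following is an added example, not part of the original article or of Dark Web ID. An app-only Microsoft Graph access token lists the registration's granted application permissions in its `roles` claim, so decoding one shows whether the app holds exactly Group.Read.All and User.Read.All and nothing broader. The function names, sample tokens and all-zero tenant ID are constructed for illustration, and the payload is decoded without signature verification, for inspection only.

```python
import base64
import json

# Application permissions this article grants to the app registration.
EXPECTED_ROLES = {"Group.Read.All", "User.Read.All"}


def decode_claims(token: str) -> dict:
    """Return the JWT payload. No signature check: for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, expected=frozenset(EXPECTED_ROLES)) -> dict:
    """Compare the token's granted app roles with the expected set."""
    claims = decode_claims(token)
    granted = set(claims.get("roles", []))  # claim is absent if nothing was consented
    return {
        "tenant": claims.get("tid"),
        "missing": sorted(expected - granted),     # consent not granted yet
        "unexpected": sorted(granted - expected),  # broader than this article needs
    }


def make_sample_token(roles) -> str:
    """Build a constructed, unsigned sample token (not a real credential)."""
    def b64url(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    claims = {"aud": "https://graph.microsoft.com",
              "tid": "00000000-0000-0000-0000-000000000000"}
    if roles:
        claims["roles"] = list(roles)
    return f"{b64url({'alg': 'none', 'typ': 'JWT'})}.{b64url(claims)}.constructed"


if __name__ == "__main__":
    for roles in (["Group.Read.All", "User.Read.All"],
                  ["Group.Read.All", "User.Read.All", "Directory.ReadWrite.All"],
                  []):
        print(audit_roles(make_sample_token(roles)))
```

A non-empty `unexpected` list means the registration can do more than the directory sync requires; a non-empty `missing` list usually means admin consent was not granted.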
Syncing Dark Web ID with Microsoft Entra ID
To sync Dark Web ID with Microsoft Entra ID, you will use account information that was created when completing the procedures above.
To sync Dark Web ID with Microsoft Entra ID:
1. Log in to Dark Web ID.
2. In the navigation menu, select Organizations.
3. In the Active User Filtering column, for the applicable organization, click Add Directory.
4. In the Add Directory Sync modal, complete the following:
   - Directory Type: Select Azure.
   - Client Secret: Paste the secret value you copied in step 19 from the previous procedure.
5. In Microsoft Azure, on the breadcrumb trail, click App registrations.
6. Click the All applications tab and click the name of your application.
   Note: If you don't see your application listed, refresh the page.
7. On the App registrations page:
   - Copy the Application (client) ID and paste it into the Client ID field in the Add Directory modal (in Dark Web ID).
   - Copy the Directory (tenant) ID and paste it into the Tenant ID field in the Add Directory modal (in Dark Web ID).
8. At the bottom of the modal, click the Add button.
9. In the Group list, select a group.
10. Click the Add button.
Active User Filtering is now enabled for the organization.
Note: If desired, Active User Filtering can be disabled by clicking Remove Directory.